The Global Analysis of Weak Signals for Enterprise Event Detection (GAWSEED) project is studying weak signals across multiple large-enterprise datasets, looking for signs of malicious activity so small they may be passed over by a single enterprise’s operational staff. GAWSEED has three goals to meet this challenge:
We will create new security-event sensors by analyzing structures in data sources using insights about protocols and host-based information sources. Analysis of these structures will develop new methods to expose security events even in weak signals, and evaluate use of corroborative information to further amplify them.
These signals and supporting information will serve as features for machine-learning-augmented algorithms to find, classify, and prioritize discovered security events.
To draw upon sensor data distributed across multiple enterprises, we will develop inter-enterprise sharing and control protocols. These protocols will address challenges in distributed computation and constrained communication in the face of sometimes conflicting policies about privacy and sharing.
GAWSEED is part of ANT Lab at USC/ISI (PIs: John Heidemann and Wes Hardaker in the networking division, and Aram Galstyan from the AI division). It is joint work with researchers at Parsons Corporation. It is supported by DARPA as part of the CHASE program.
For related publications, please see the ANT publications web page.
See also the ANT distribution web page.